Five ways to secure your business from cyber attack

Cyber threat: new employees need to be made aware of any corporate security policies. Credit: Getty

7 March 2019 • 1:45pm

Businesses need to take steps to fight cybercrime if they are to benefit from digital transformation

For small and medium-sized businesses one of the biggest challenges is maintaining a secure IT network even while they expand and explore innovations.

While it is the larger corporate security breaches that hit the headlines, the reality is that smaller-scale attacks are wreaking havoc daily on smaller businesses.

According to a UK government survey, more than four in 10 businesses (43pc) experienced a cyber security breach or attack in the past 12 months.

And although three-quarters of businesses (74pc) say that cyber security is a high priority for their organisation’s senior management, fewer than three in 10 businesses (27pc versus 33pc in the previous 2017 survey) have a formal cyber security policy.

But policy is only one step that businesses can take to protect their network. Here are five additional ways that businesses can improve the security of their network in the digital age.

Train employees in cyber security

Understandably, most people associate cyber crime with malicious attackers. Of the 53,000 real-world cyber breaches investigated for Verizon’s 2018 Data Breach Investigations Report, 73pc were committed by outsiders. But a quarter were perpetrated by insiders, either maliciously or – in 17pc of cases – simply by human error.

To tackle the problem, new employees (including contractors and third-party users) need to be made aware of any corporate security policies as part of their induction process while refresher training should also be given to existing staff to keep them up to speed on cyber security issues.

Particularly concerning for employers are phishing scams, with employees inadvertently downloading malicious attachments in emails that can put malware on to a device. This gives attackers a foothold in the organisation from which they can move in search of valuable information. Many companies now send out mock phishing emails to make employees aware of any potential risk.

Malware can also be transferred to a corporate system through removable media such as a memory stick or the direct connection of a smartphone via a USB port. The National Cyber Security Centre End User Device Security Guidance provides further guidance on managing the risk of malicious software on user devices.

Keep all devices updated

Undoubtedly one of the greatest cyber security risks for businesses is not keeping their IT networks completely updated. Indeed it was this failure that led to the WannaCry ransomware attack of May 2018, which affected organisations such as the NHS.

Businesses should regularly update their computers, including desktops, laptops and mobile devices, making sure operating systems and web browsers are up to date, as well as installing firmware updates on hardware such as printers and scanners, to protect against the latest threats. If employees are using mobile devices for work, these should also be updated, including any security apps.

Ignoring updates essentially leaves cracks in your defence system that can be exploited by hackers.

Cracks in your defence system: ignoring updates can make you vulnerable to hackers. Credit: Getty

Install a virtual private network

In an era where employees routinely use their own smartphone or laptop to access their work server from anywhere, installing a virtual private network (VPN) can help to make a network much more secure.

Like firewalls, VPNs protect computer data when employees are online by creating a safe and encrypted connection over a less secure network, such as the internet – something particularly useful for employees who use public WiFi in places such as coffee shops or airports. They are becoming increasingly commonplace, with packaged products from well-known cyber security companies giving credibility to a technology that can appear obscure to those not in the know.

Another advantage is that VPNs can be used to view websites and use services that are restricted in certain regions, another annoyance for staff who travel regularly.

Secure business WiFi

An insecure WiFi connection can provide an easy route in for hackers to access a business network. Businesses should secure their WiFi so only employees can access it, ideally without them knowing the password.

If you want open WiFi for customers to use, it is best to use a separate network. Guests should not have the same WiFi access as employees to help stop unknown people from accessing files.

Finally, all internet-of-things devices that can access the network via WiFi should be secured. According to business internet service provider Beaming, building control systems and networked security cameras are some of the most commonly targeted devices, attracting more than two in five (41pc) cyber attacks.

Bad networking: an insecure WiFi connection can provide an easy route in for hackers. Credit: Getty

Manage user privileges

Businesses need to determine what rights and privileges users need to perform their duties, making sure higher-level system privileges are carefully controlled and managed. As well as individual logins for employees whenever possible, redundant accounts (including those of former staff members) should be removed immediately.

Weak, easy-to-guess or shared passwords are a classic vulnerability. One option is to use a password manager tool to generate unique passwords and securely store your logins, so employees do not have to worry about writing them down or forgetting them.

For some accounts it may be appropriate to have additional password protection, such as a code or token (known as two-factor authentication). Biometric authentication technology, such as fingerprint readers, is becoming increasingly widespread to secure devices.